Adaptive selective verification: an efficient adaptive countermeasure to thwart DoS attacks

Authors:
Sanjeev Khanna;Santosh S. Venkatesh;Omid Fatemieh;Fariba Khan;Carl A. Gunter
Affiliations:
University of Pennsylvania, Philadelphia, PA;University of Pennsylvania, Philadelphia, PA;University of Illinois at Urbana-Champaign, Urbana, IL;University of Illinois at Urbana-Champaign, Urbana, IL;University of Illinois at Urbana-Champaign, Urbana, IL
Venue:
IEEE/ACM Transactions on Networking (TON)
Year:
2012

Citing 14
Cited 0

Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Controlling high bandwidth aggregates in the network

ACM SIGCOMM Computer Communication Review
Defending Against Denial-of-Service Attacks with Puzzle Auctions

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles

IEEE/ACM Transactions on Networking (TON)
Moderately hard, memory-bound functions

ACM Transactions on Internet Technology (TOIT)
Inferring Internet denial-of-service activity

ACM Transactions on Computer Systems (TOCS)
DDoS defense by offense

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
To filter or to authorize: network-layer DoS defense against multimillion-node botnets

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
TVA: a DoS-limiting network architecture

IEEE/ACM Transactions on Networking (TON)
A middleware system for protecting against application level denial of service attacks

Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol

Electronic Notes in Theoretical Computer Science (ENTCS)
Mitigating DoS attack through selective bin verification

NPSEC'05 Proceedings of the First international conference on Secure network protocols
Adaptive Defense Against Various Network Attacks

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Denial-of-service (DoS) attacks are considered within the province of a shared channel model in which attack rates may be large but are bounded and client request rates vary within fixed bounds. In this setting, it is shown that clients can adapt effectively to an attack by increasing their request rate based on timeout windows to estimate attack rates. The server will be able to process client requests with high probability while pruning out most of the attack by selective random sampling. The protocol introduced here, called Adaptive Selective Verification (ASV), is shown to use bandwidth efficiently and does not require any server state or assumptions about network congestion. The main results of the paper are a formulation of optimal performance and a proof that ASV is optimal.